CVE-2025-51529
CVE-2025-51529CVE-2025-51529
followmedarling / cookies_and_content_security_policy
Description
Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.
Scoring
| CVSS | 5.3 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Last modified | 2026-07-05 |